Kali system -- fierce of DNS collection and analysis

Reprinted from ：https://blog.csdn.net/weixin_34236869/article/details/91709966
1> effect ： Find target's IP And the host name , Blasting subdomain name, etc
characteristic ： You can set multiple discontinuous IP Address , It can be multithreaded
Fierce Is a IP、 Domain name mutual check DNS Tools , Domain transfer vulnerability detection can be performed 、 Dictionary explosion subdomain 、 The check IP paragraph 、 Reverse check the next paragraph of the specified domain name IP, It belongs to a semi lightweight multi-threaded information collection appliance .Fierce Try to build HTTP Connect to determine if the subdomain name exists , This feature is not a lightweight feature , therefore , Defined as semi lightweight .

2> Parameter interpretation ：

#  Use command : fierce [-dns example.com] [OPTIONS]
Options:
        -connect [header.txt]          Right RFC1918 address HTTP Connect （ Time consuming 、 There's a lot of traffic ）, By default, the response header of the server is returned . Can be specified by file HTTP The request header Host Information , Such as ：fierce -dns example.com -connect headers.txt
        -delay <number>               Specify the time interval between queries 
        -dns <domain>                  Specify the domain name to query 
        -dnsfile <dnsfile.txt>          Use the file to specify the DNS Server list 
        -dnsserver <dnsserver>    Specify to initialize SOA Of the query DNS The server .（ Only used for out initialization , Subsequent queries will use the... Of the target DNS The server ）
        -file <domain.txt>               Output the results to a file 
        -fulloutput                          And -connect combination , Output all the information returned by the server 
        -help                                  Print help 
        -nopattern                         Not applicable to search mode to find host .（ This parameter is not used yet ）
        -range <1.1.1.1/24>          Internal IP Range do IP The check ( This parameter is not yet understood ). Must be with dnsserver Parameter matching , Specify internal DNS The server , Such as ： fierce -range 111.222.333.0-255 -dnsserver ns1.example.com
        -search <Search list>        Specify another domain , Search in other domains （ This parameter is not used ）, Such as ：   fierce -dns examplecompany.com -search corpcompany,blahcompany
        -tcptimeout <number>       Specify the timeout for the query 
        -threads [number]             Specify the number of threads to scan , Default single thread 
        -traverse [number]            Specify the top and bottom of the scan IP Range , Default scan up and down 5 each .
        -version                            Print fierce edition 
        -wide                                Scan the portal IP Address of the C paragraph . Generate large flow 、 More information will be collected .
        -wordlist <sub.txt>           Use the specified dictionary to explode the subdomain 
 
# []  The data in is optional 、<>  Inside is the required data 

3> It is easy to use
Bring your own dictionary 2280 individual , Very slowly , Just test a few , Use a self built dictionary